Understanding the threat landscape on Andriod & iOS

By: Amit Nath, Country Manager, India & SAARC – F-Secure

In recent years, mobile and tablet devices have become the number one way in which we connect to the Internet, use social media sites, conduct online banking and make financial transactions on the go. While mobile and tablet devices are more popular than ever, their owners still underestimate the danger they might encounter. And as smartphone penetration reaches record levels globally, cyber criminals are starting to switch their focus to standalone attacks on mobile devices.

One such threat is mobile malware and surprisingly, many users know nothing or very little about this cyber threat targeting mobiles. The amount of mobile malware is growing faster than ever. And even though app stores are implementing new security measures, malware writers are just as quickly coming up with new ideas. Currently, over 80% of mobile malware is profit-motivated. Besides, the market reports also indicate that privacy-invading apps dominate thelandscape, some containing malware, and many leveraging ad libraries to target unsuspecting app users.

According to industry statistics, in 2014, the amount of mobile malware increased by a devastating 75%, and the number of new mobile malware samples jumped by 49 percent from Q4 2014 to Q1 2015. And among all the mobile platforms, Android is still the primary target for cyber crime attacks on mobile platforms, as a staggering 97 percent of mobile malware is targeted at Android devices. In 2014 alone, there were 1,268 known families of Android malware, which is an increase of 464 from 2013 and 1,030 from 2012.

Amongst the all the Android vulnerabilities, WebView has become a big security problem especially for mobile devices running on the old Android OS. The WebView vulnerability could be exploited to compromise apps that run on the old Android code. Cybercriminals could tamper or steal data such as cookies and passwords.

Meanwhile, 259 out of the total 574 known variants of the SmsSend family were identified in the latter half of 2014, making it the fastest growing family ofmobilemalware. SmsSend generates profits for criminals by infecting Android devices with a Trojan that sends SMS messages to premium-rate numbers. Ransomware also continued to plaguemobileusers, with the Koler and Slocker families of ransomware identified as the topthreatsto Android devices.

While Android continues to be the favored target for the majority of mobile malware, threats directed towards Apple iOS do exist. Due to the rather secure ecosystem of Apple, the amount of malware in iOS is still marginal. However, this mobile platform mainly has attacks using phishing, wherein cyber criminals are after the user’s passwords that could lead to identity theft.

Meanwhile, late last year, researchers discovered a new attack on iOS devices that could allow attackers to unsuspectingly access and steal users’ personal and financial information from their app caches. This ‘Masque Attack’ was one of the first to be put together with WireLurker malware, which originally attacked iOS devices through USB.

Moreover, both Android&iOShave experienced malware samples which have tried to attack the banking applications and mobile wallets. Besides, there has been a rise of SMS message sending trojans and ransomware attacks on mobile wallets and virtual currencies.

What you can do to protect yourself

By default, Android smartphones are programmed to block installation of apps from any other source than Google Play Store. Make sure that your device does not allow any app to be installed from any other source, by unchecking the option under Setting > Applications > Unknown Sources. By mistake, if this option is checked, then apps can be installed from other third party sources or app stores. If you do install any app from an unknown source, make sure you scan it using a trusted mobile antivirus solution.

Rarely, do we check the permissions asked by apps when we are installing them. Many of these apps require access to Internet connection, while some require access for sending SMS messages. One must look at the utility of the application and decide if the app needs these permissions. One can also look at the comments posted by fellow users on the Google App play store before one decides to install any app.

To combat the dramatic rise in the number of malware targeting mobile devices and safeguard their devices from know and new threats, mobile users need to install a complete security solution that should provide anti-malware and anti-phishing protection along with carrying anti-theft and privacy protection functionalities.

DQ Live SlideShow

Pradeep Gupta, CMD, CyberMedia Group welcoming Dr Arvind Gupta, National Head Information Technology, BJP. Dr Gupta was the Chief Guest of the evening

(L-R) Sunil Sharma, VP, Sales, India & Saarc, Cyberoam and Dr Arvind Gupta, National Head IT giving the Dataquest Business Technology Award to Sapient Consulting for the best IT implementation in security, mobility, unified communications, and infrastructure management

Jubilant Lifesciences received the award for best IT implementation in analytics, mobility, cloud, ERP/SCM/CRM

ING Vysya Bank received the award for best IT implementation in mobility and ERP/SCM/CRM, infrastructure management

Escorts received the award for best IT implementation in analytics and security

Amity received the award for best IT implementation in security and unified communications

LV Bank received the award for best IT implementation in unified communications

Biocon received the award for best IT implementation in mobility and unified communications

Happiest Minds received the award for best IT implementation in security and cloud

HCL Infosystems received the award for best IT implementation in cloud and ERP/SCM/CRM

Evalueserve received the award for best IT implementation in security and cloud

Sterlite Technologies received the award for best IT implementation in analytics and cloud

Serco Global received the award for best IT implementation in mobility and cloud

Intellect Design Arena received the award for best IT implementation in cloud and unified communications

Reliance Entertainment received the award for best IT implementation in analytics and cloud

Canon India received the award for best IT implementation in analytics

Persistant Systems received the award for best IT implementation in analytics

ILFS received the award for best IT implementation in infrastructure management

eClerx received the award for best IT implementation in analytics

Sesa Sterlite received the award for best IT implementation in ERP/SCM/CRM

Hero Moto Corp received the award for best IT implementation in ERP?SCM?CRM

KPIT received the award for best IT implementation in unified communications

JK Tyres received the award for best IT implementation in analytics

Idea Cellular received the award for best IT implementation in analytics

Godfrey Philips received the award for best IT implementation in infrastructure management

Aviva Life Insurance Co received the award for best IT implementation in infrastructure management

Hindalco received the award for best IT implementation in analytics

Aircel received the award for best IT implementation in unified communications

Dr Lal Path Labs received the award for best IT implementation in cloud

Gati received the award for best IT implementation in mobility

Perfetti Van Melle received the award for best IT implementation in cloud

Sheela Foam received the award for best IT implementation in mobility

Tata Communication received the award for best IT implementation in ERP/SCM/CRM

NDTV received the award for best IT implementation in analytics

Hindustan Power received the award for best IT implementation in mobility